Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rpcapd-linux/rpcapd-linux
rpcapd utility modified to compile under linux
c network-analysis winpcap wireshark
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/rpcapd-linux/rpcapd-linux
- Owner: rpcapd-linux
- Archived: true
- Created: 2012-03-08T14:26:14.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2022-12-28T10:04:22.000Z (almost 2 years ago)
- Last Synced: 2024-07-24T00:24:09.324Z (4 months ago)
- Topics: c, network-analysis, winpcap, wireshark
- Language: C
- Homepage:
- Size: 716 KB
- Stars: 95
- Watchers: 10
- Forks: 29
- Open Issues: 5
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-network-stuff - **46** stars
README
# Update: libpcap v1.9.0 now has rpcapd
An rpcapd executable is generated in libpcap v1.9.0 and later, when compiled with the `--enable-remote` flag (`./configure --enable-remote && make`). That should be used instead of this fork.
# rpcapd utility for Linux
rpcapd is a daemon that provides remote traffic capture for the Windows version of the [Wireshark](http://www.wireshark.org) protocol analyzer. It is shipped with the [WinPcap](http://www.winpcap.org/) network capture library for Windows but is absent from libpcap older than 1.9.0 on Linux. This is a fork of rpcapd modified to compile and work on Linux.
It is still quite messy and may not compile or work.
## Building
This fork ships with a patched libpcap version found in the WinPcap library.

Installation under Ubuntu Linux:

    sudo apt-get build-dep libpcap
    cd rpcapd/libpcap
    ./configure && make
    cd ../
    make

Installation under CentOS/Fedora/Red Hat Linux:

libcrypt.a in glibc-static is broken in , remove `-static` in Makefile

    yum install -y byacc glibc-static libgcrypt-devel
    cd rpcapd/libpcap
    ./configure && make
    cd ../
    make

## Using
This tool is to be used with Windows clients connecting to the Linux box. Launch this tool using

    sudo ./rpcapd -4 -n -p

You can specify a data transfer port instead of the random port used by default.

    sudo ./rpcapd -4 -n -t -p

Root privileges are needed to capture on the interfaces.
There are two ways to connect from a Windows box:
1. Use GUI in Wireshark *Capture Options* dialog. Tested on Wireshark 1.7.1.
2. Invoke Wireshark from the command line, specifying the capture interface directly: `wireshark -k -i rpcapd://:/`

`-k` means *start capture immediately* and `-i` stands for *interface*. You can create a Windows shortcut or something afterwards.